Three Way Authentication Protocol for Privacy Preserving and Ownership Authentication Transfer for Ubiquitous Computing Devices

摘要

Now a days almost everybody is having a portable communication device, be it a laptop, a tablet or smart phones. The user would like to have all the services at his fingertips and access them through the portable device he owns. The user would exchange data with the other user or the service provider or control the smart appliances at his home. The interactions between the user's device and the service provider must be secure enough regardless of the type of device used to access or utilize the services. In this paper we propose a "Three Way Authentication (TWA)" technique intended to preserve the user privacy and to accomplish ownership authentication in order to securely deliver the services to the user devices. This technique will also help the users or the service providers to check whether the device is compromised or not with the help of the encrypted pass-phrases that are being exchanged. The users use the devices to store most of the valuable information and will prove risky when the device is borrowed by the other user or when it is lost or stolen. To safeguard the user data and also to preserve user privacy we also propose the technique of Authenticated Ownership Transfer (AOT). The user who sells the device has to transfer the ownership of the device under sale. Once the ownership has been transferred, the old owner will not be able to use that device at any cost. Neither of the users will be able to use the device if the process of ownership has not been carried out properly. This also takes care of the scenario when the device has been stolen or lost, avoiding the impersonation attack. The proposed protocol has been modeled and tested with Automated Validation of Internet Security Protocols and Applications (AVISPA) and is found to be safe.